Lista CVE - 2025 / Giugno
Visualizzazione 501 - 600 di 840 CVE per Giugno 2025 (Pagina 6 di 9)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2025-5733 | 2025-06-06 | Modern Events Calendar <= 7.21.9 - Information Exposure |
| CVE-2025-5721 | 2025-06-06 | SourceCodester Student Result Management System Profile Setting Page update_profile cross site scripting |
| CVE-2025-36513 | 2025-06-06 | Cross-site request forgery vulnerability exists in surveillance cameras provided by... |
| CVE-2025-5722 | 2025-06-06 | SourceCodester Student Result Management System Add Academic Term terms cross site scripting |
| CVE-2025-5723 | 2025-06-06 | SourceCodester Student Result Management System Classes Page classes cross site scripting |
| CVE-2025-1778 | 2025-06-06 | Art Theme <= 3.12.2.3 - Missing Authorization to Authenticated (Subscriber+) Theme Option Delete |
| CVE-2025-1777 | 2025-06-06 | BM Content Builder <= 3.16.2.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via ux_cb_page_options_save |
| CVE-2025-5724 | 2025-06-06 | SourceCodester Student Result Management System Subjects Page subjects cross site scripting |
| CVE-2025-5725 | 2025-06-06 | SourceCodester Student Result Management System Grading System Page grading-system cross site scripting |
| CVE-2023-2921 | 2025-06-06 | Short URL <= 1.6.8 - Subscriber+ SQLi |
| CVE-2025-5726 | 2025-06-06 | SourceCodester Student Result Management System Division System Page division-system cross site scripting |
| CVE-2025-5727 | 2025-06-06 | SourceCodester Student Result Management System Announcement Page announcement cross site scripting |
| CVE-2025-48902 | 2025-06-06 | Vulnerability of uncontrolled system resource applications in the setting module... |
| CVE-2025-48903 | 2025-06-06 | Permission bypass vulnerability in the media library module Impact: Successful... |
| CVE-2025-48904 | 2025-06-06 | Vulnerability that cards can call unauthorized APIs in the FRS... |
| CVE-2025-48905 | 2025-06-06 | Wasm exception capture vulnerability in the arkweb v8 module Impact:... |
| CVE-2025-48906 | 2025-06-06 | Authentication bypass vulnerability in the DSoftBus module Impact: Successful exploitation... |
| CVE-2025-48907 | 2025-06-06 | Deserialization vulnerability in the IPC module Impact: Successful exploitation of... |
| CVE-2024-58114 | 2025-06-06 | Resource allocation control failure vulnerability in the ArkUI framework Impact:... |
| CVE-2025-5533 | 2025-06-06 | Knowledge Base <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-5534 | 2025-06-06 | ESV Bible Shortcode for WordPress <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-5019 | 2025-06-06 | Hive Support <= 1.2.4 - Cross-Site Request Forgery via hs_update_ai_chat_settings Function |
| CVE-2025-5586 | 2025-06-06 | WordPress Ajax Load More and Infinite Scroll <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter |
| CVE-2025-5699 | 2025-06-06 | Developer Formatter <= 2015.0.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Custom CSS |
| CVE-2025-5703 | 2025-06-06 | StageShow <= 10.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via anchor Parameter |
| CVE-2025-5536 | 2025-06-06 | Freemind Viewer <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-5018 | 2025-06-06 | Hive Support <= 1.2.4 - Authenticated (Subscriber+) Missing Authorization via hs_update_ai_chat_settings and hive_lite_support_get_all_binbox |
| CVE-2025-4966 | 2025-06-06 | WP Online Users Stats <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via hk_dataset_results Function |
| CVE-2025-4964 | 2025-06-06 | WP Online Users Stats <= 1.0.0 - Authenticated (Editor+) SQL Injection via table_name Parameter |
| CVE-2025-5538 | 2025-06-06 | BNS Featured Category <= 2.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-2935 | 2025-06-06 | Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms <= 2024.7 - Cross-Site Request Forgery to Multiple Administrative Actions |
| CVE-2025-5565 | 2025-06-06 | Hide It <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-5541 | 2025-06-06 | Runners Log <= 3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-5486 | 2025-06-06 | WP Email Debug 1.0 - 1.1.0 - Missing Authorization to Unauthenticated Privilege Escalation via Password Reset |
| CVE-2025-5563 | 2025-06-06 | WP-Addpub <= 1.2.8 - Authenticated (Contributor+) SQL Injection |
| CVE-2025-5686 | 2025-06-06 | Paged Gallery <= 0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-48909 | 2025-06-06 | Bypass vulnerability in the device management channel Impact: Successful exploitation... |
| CVE-2025-48910 | 2025-06-06 | Buffer overflow vulnerability in the DFile module Impact: Successful exploitation... |
| CVE-2025-48911 | 2025-06-06 | Vulnerability of improper permission assignment in the note sharing module... |
| CVE-2025-48908 | 2025-06-06 | Ability Auto Startup service vulnerability in the foundation process Impact:... |
| CVE-2025-5728 | 2025-06-06 | SourceCodester Open Source Clinic Management System manage_website.php unrestricted upload |
| CVE-2025-5729 | 2025-06-06 | code-projects Health Center Patient Record Management System birthing_record.php sql injection |
| CVE-2025-5732 | 2025-06-06 | code-projects Traffic Offense Reporting System cross-site request forgery |
| CVE-2025-5734 | 2025-06-06 | TOTOLINK X15 HTTP POST Request formWlanRedirect buffer overflow |
| CVE-2025-5735 | 2025-06-06 | TOTOLINK X15 HTTP POST Request formSetLg buffer overflow |
| CVE-2025-5736 | 2025-06-06 | TOTOLINK X15 HTTP POST Request formNtp buffer overflow |
| CVE-2025-3321 | 2025-06-06 | Use of Hard-coded Credentials in OnlineSuite |
| CVE-2025-3322 | 2025-06-06 | Improper Neutralization of Special Elements in OnlineSuite |
| CVE-2025-3365 | 2025-06-06 | Relative Path Traversal in OnlineSuite |
| CVE-2025-5737 | 2025-06-06 | TOTOLINK X15 HTTP POST Request formDosCfg buffer overflow |
| CVE-2025-5738 | 2025-06-06 | TOTOLINK X15 HTTP POST Request formStats buffer overflow |
| CVE-2025-5739 | 2025-06-06 | TOTOLINK X15 HTTP POST Request formSaveConfig buffer overflow |
| CVE-2025-5192 | 2025-06-06 | Soar Cloud HRD Human Resource Management System - Missing Authentication for Critical Function |
| CVE-2025-48780 | 2025-06-06 | Soar Cloud HRD Human Resource Management System - Deserialization of Untrusted Data |
| CVE-2025-48781 | 2025-06-06 | Soar Cloud HRD Human Resource Management System - External Control of File Name or Path |
| CVE-2025-48782 | 2025-06-06 | Soar Cloud HRD Human Resource Management System - Unrestricted Upload of File with Dangerous Type |
| CVE-2025-48783 | 2025-06-06 | Soar Cloud HRD Human Resource Management System - External Control of File Name or Path |
| CVE-2025-48784 | 2025-06-06 | Soar Cloud HRD Human Resource Management System - Missing Authorization |
| CVE-2025-5755 | 2025-06-06 | SourceCodester Open Source Clinic Management System email_config.php sql injection |
| CVE-2025-5756 | 2025-06-06 | code-projects Real Estate Property Management System EditCity.php sql injection |
| CVE-2025-5757 | 2025-06-06 | code-projects Traffic Offense Reporting System save-reported.php cross site scripting |
| CVE-2025-5758 | 2025-06-06 | SourceCodester Open Source Clinic Management System doctor.php sql injection |
| CVE-2025-5759 | 2025-06-06 | PHPGurukul Local Services Search Engine Management System edit-person-detail.php sql injection |
| CVE-2025-5760 | 2025-06-06 | Simple History <= 5.8.1 - Authenticated (Administrator+) Sensitive Information Exposure via Detective Mode |
| CVE-2025-5239 | 2025-06-06 | Domain For Sale <= 3.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via class_name Parameter |
| CVE-2025-48337 | 2025-06-06 | WordPress QuickCab plugin <= 1.3.3 - Broken Access Control vulnerability |
| CVE-2025-49077 | 2025-06-06 | WordPress Dynamic Pricing and Discount Rules plugin <= 2.2.9 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-5761 | 2025-06-06 | PHPGurukul BP Monitoring Management System edit-family-member.php sql injection |
| CVE-2025-49067 | 2025-06-06 | WordPress Nasa Core plugin < 6.4.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-49068 | 2025-06-06 | WordPress Ocean Extra plugin <= 2.4.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-49074 | 2025-06-06 | WordPress WidgetKit plugin <= 2.5.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-49075 | 2025-06-06 | WordPress Wishlist plugin <= 1.0.43 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-49076 | 2025-06-06 | WordPress The Plus Addons for Elementor Page Builder Lite plugin <= 6.2.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-48328 | 2025-06-06 | WordPress Real Time Validation for Gravity Forms plugin <= 1.7.0 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-48335 | 2025-06-06 | WordPress Responsive Plus plugin <= 3.2.0 - Broken Access Control vulnerability |
| CVE-2025-47586 | 2025-06-06 | WordPress Motors - Events plugin <= 1.4.7 - Unauthenticated Local File Inclusion vulnerability |
| CVE-2025-41360 | 2025-06-06 | Uncontrolled resource consumption vulnerability in IDF and ZLF |
| CVE-2025-47584 | 2025-06-06 | WordPress Photography theme <= 7.5.2 - PHP Object Injection vulnerability |
| CVE-2025-41362 | 2025-06-06 | Code injection vulnerability in IDF and ZLF |
| CVE-2025-39358 | 2025-06-06 | WordPress WP Posts Carousel <= 1.3.12 - PHP Object Injection Vulnerability |
| CVE-2025-41363 | 2025-06-06 | CORS vulnerability in IDF and ZLF |
| CVE-2025-48329 | 2025-06-06 | WordPress Real Time Validation for Gravity Forms plugin <= 1.7.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-41364 | 2025-06-06 | Stored Cross-Site Scripting (XSS) vulnerability in IDF and ZLF |
| CVE-2025-41365 | 2025-06-06 | Code injection vulnerability in IDF and ZLF |
| CVE-2025-41366 | 2025-06-06 | CORS vulnerability in IDF and ZLF |
| CVE-2025-41367 | 2025-06-06 | Stored Cross-Site Scripting (XSS) vulnerability in IDF and ZLF |
| CVE-2025-41361 | 2025-06-06 | Uncontrolled resource consumption vulnerability in IDF and ZLF |
| CVE-2025-5762 | 2025-06-06 | code-projects Patient Record Management System view_hematology.php sql injection |
| CVE-2025-5763 | 2025-06-06 | Tenda CP3 apollo sub_F3C8C command injection |
| CVE-2025-49073 | 2025-06-06 | WordPress Sweet Dessert < 1.1.13 - PHP Object Injection Vulnerability |
| CVE-2025-49072 | 2025-06-06 | WordPress Mr. Murphy < 1.2.12.1 - PHP Object Injection Vulnerability |
| CVE-2025-5764 | 2025-06-06 | code-projects Laundry System insert_laundry.php cross site scripting |
| CVE-2025-5765 | 2025-06-06 | code-projects Laundry System edit_laundry.php cross site scripting |
| CVE-2025-49235 | 2025-06-06 | WordPress RTMKit Addons for Elementor plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-49236 | 2025-06-06 | WordPress Raychat <= 2.1.0 - Broken Access Control Vulnerability |
| CVE-2025-49237 | 2025-06-06 | WordPress POEditor plugin <= 0.9.10 - CSRF to Arbitrary File Deletion vulnerability |
| CVE-2025-49238 | 2025-06-06 | WordPress Everest Backup <= 2.3.3 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49239 | 2025-06-06 | WordPress Print Invoice & Delivery Notes for WooCommerce <= 5.5.0 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49240 | 2025-06-06 | WordPress DocsPress <= 2.5.2 - Broken Access Control Vulnerability |
| CVE-2025-49241 | 2025-06-06 | WordPress oik <= 4.15.1 - Broken Access Control Vulnerability |